faizan ahmed-cv


Upload: faizan-ahmed

Post on 11-Apr-2017


Page 1: Faizan Ahmed-CV

FAIZAN AHMED - CISA Certified, CRISC (Q), ISO 27001 (Q)

Address: Flat 403, Asad Apartment, Delhi Colony, Karachi.

Email:[email protected]

Cell: +923332862261

CAREER SUMMARY

An experienced IS/IT audit professional with a record of increasing & fulfilling responsibilities with more than 5 years of experience with two Big 4 audit firms and a leading courier company for both internal and external IS/IT audits. I am a certified Information System Auditor. Certificate # 16128188.

I am currently associated with KPMG Taseer Hadi & Co Pakistan. I am responsible as a Senior IS/IT Consultant in IT Advisory department.

Prior to joining KPMG I worked as a Senior Information Security Compliance in TCS, Senior Associate II at EY Pakistan ISSA department and Associate II at KPMG Pakistan ITA department, where I had been involved in engagements relating to Information Systems Audit and IT Risk Assessment. I have also been involved in the execution of Information Systems Internal Audits/Financial Audit IT Support assignments.

PROFESSIONAL EXPERIENCE

My selective experience is depicted as follows:

KPMG Taseer Hadi & Co Jan 2016-Present

IT Advisory Consultant

Senior Associate II- Information Technology Advisory & Assurance

I am currently associated with KPMG Taseer Hadi & Co as a senior consultant. I am responsible for the execution of IS/IT external and Internal audits and consultancy assignments.

I am currently working as a team lead on an advisory assignment at 1Link Guarantee Limited.

My job responsibilities involved the following:

Identification of risks and recommendation of controls.

Review and Gap analysis of Policies and Procedures.

Planning audit procedures in response to identified controls and preparation of audit plan.

Review of IT General Controls.

Review of change management control like authorization, approvals, testing, monitoring and segregation of incompatible duties.

Review of controls over logical access like privileged access management, user access management, logical access management and segregation of duties.

Understanding and documenting of internal control environment

Reporting control weaknesses to the management in the form of internal audit reports and GAP Reports.

Preparation of internal and client documentation (e.g. Planning Memos, Budget and Audit reports).

I have gained professional work experience while working on following nature of assignments:

Performed application controls testing to ensure the Completeness, Accuracy, Validity and Restricted Access of the transactions for the business critical applications

Review Of Business Continuity Planning

Review and GAP identification of Information Security policies and Procedures (based on ISO 27001, ITIL Framework)

TCS Pakistan Sep 2014-Jan 2016

Senior Information Security Compliance Officer

Responsibilities

I am responsible for the monitoring and compliance of ISO 27001 - ISMS.

Achievements: (Assist manager to Conduct ISO 27001-2005 surveillance Audit, Conduct ISO 27001-2005 internal audit individually, conducted ISO 27001-2013 Transition Audit individually)

Security Tools experience: McAfee DLP, GFI LanGuard Patch Management, ManageEngine EventLog Analyzer, Squid Proxy, Firewall.

My job responsibilities involved the following:

Assist in the development of information security policies across the TCS PrintShop.

Perform internal audits & vulnerability testing for the current IT infrastructure and suggest appropriate controls on the basis of findings.

Provide technical leadership and guidance in the acquisition, design, development, implementation and support of the various components of the security architectural framework

Log, investigate and document findings of information security incidents reported to IT Compliance team

Perform security risk assessments and security exposure analysis of business applications and databases.

Work directly with the Information Security Manager for risk assessment program in line with IT security policies; recommend method and approaches for vulnerability detection and its remediation

Ernst & Young Ford Rhodes Sidat Hyder Oct 2013-Sep 2014

Senior Associate Consultant - Information Systems Security Assurance

KPMG Taseer Hadi & Co May 2012-Sep 2013

Associate Consultant II- Information Technology Advisory & Assurance


Financial Audit IT Support Assignments at KPMG & EY

Client Main project features

STATE BANK OF PAKISTAN

NATIONAL BANK OF PAKISTAN

SONERI BANK LTD

EFU LIFE ASSURANCE

EFU GENERAL INSURANCE

HBL ASSET MANAGEMENT

NATIONAL INVESTMENT TRUST LTD

PICIC ASSET MANAGEMENT

ORIX LEASING PAKISTAN

UBL FUND MANAGERS LTD

BSN MEDICAL LTD.

SECURITY PAPERS

TOTAL OIL PAKISTAN

DAWOOD YAMAHA MOTORCYCLES LTD

CONTINENTAL BISCUITS LTD

BELTEXCO LTD

My areas of expertise are:

IS/IT General Controls Review. (Domain Controller, Active Directory, Hosting Operating Systems & Databases Security Review)

Information Systems Security Review.

IT Infrastructure Security Review.

Core Business & Modular Applications Security Review.

IT Governance & Compliance Review.

Review of Applications Transactions Flow/Controls

Following are some examples of core business applications (ERP):

SAP

Oracle Financials E-Business Suite (EBS)

Electronic Banking System (EBS)

Globus (T24)

In-house developed applications and Modular applications / Utilities of core business.

Review of General Systems (Operating Systems, Applications and Databases) Security Settings

Operating Systems

Application System (AS)/400

LINUX, UNIX, AIX

Windows 2003, 2008 R-2 Servers

Internal Audit-Financial Audit IT Support Assignments

ICI PAKISTAN LTD

NATIONAL FOODS LTD

Identification, evaluation and validation of IT General Controls over the program change, logical access and IT operations (backups, monitoring and problem management) processes for financial applications, Operating Systems and Databases.

IT Advisory Assignments

1Link Guarantee Ltd

SSGC Ltd

HBL Bank

Information Systems Audit assignment at 1Link as per SBP PSO PSPs guidelines.

IT Policies and Procedure review and Gap analysis as per ITIL V3 framework.

Security Review of Network devices (Firewalls, Switches and Routers) and databases (SQL, ORACLE, DB2) security and access controls review.

PROFESSIONAL CREDENTIALS

ISO 27001 Lead Auditor USA 2012

CRISC (Q) USA 2011

Certified Information System Auditor (CISA) USA 2010

EDUCATION

Bachelors in Commerce - University of Karachi, Pakistan 2008

1-Year Post Graduate Diploma in Information Systems 2014

PROFESSIONAL AFFILIATIONS

Member of Institute of Internal Auditors (IIA)

Member of Information System Audit And Control Association (ISACA, USA)

PROFESSIONAL DEVELOPMENT / ACHIEVEMENTS

IRCA Certified ISO 27001:2013-Internal Auditor Course

Achieved 1st position in CRISC Exam all over Pakistan.

IRCA Certified ISO 27001:2005-Lead Auditor Course passed with 73% score

EXTRA-CURRICULAR ACTIVITIES AND INTERESTS

My time away from work is spent on sports, watching movies and reading.

I enjoy playing cricket.

PERSONAL DETAILS

Date of birth: Sep-15-1987

Passport No: FP1165511

Nationality: Pakistani

Marital status: Married

REFERENCES

Will be provided upon request.